From 6af31393296abbe06eb3b7c0b4c60ab3d697618e Mon Sep 17 00:00:00 2001 From: Joe Rayhawk Date: Sat, 4 Jun 2011 18:49:10 -0700 Subject: Bugfixes for core.sharedrepo --- libpiny/lib/Piny/Repo.pm | 49 +++++++++++++++++++++++++++++------------------- 1 file changed, 30 insertions(+), 19 deletions(-) (limited to 'libpiny/lib/Piny') diff --git a/libpiny/lib/Piny/Repo.pm b/libpiny/lib/Piny/Repo.pm index b265705..fea6846 100644 --- a/libpiny/lib/Piny/Repo.pm +++ b/libpiny/lib/Piny/Repo.pm @@ -628,22 +628,33 @@ sub _build_ikiwiki_setup { $config->{"srcdir"} = $s->ikiwiki_srcdir; $config->{"destdir"} = $s->ikiwiki_destdir; $config->{"url"} = $s->ikiwiki_url; - $config->{"cgiurl"} = $s->ikiwiki_cgiurl; $config->{"historyurl"} = $s->ikiwiki_historyurl; $config->{"diffurl"} = $s->ikiwiki_diffurl; - $config->{"wrappers"} = - [ { "wrapper" => $s->ikiwiki_cgipath - , "wrappergroup" => $s->group->name - , "wrappermode" => "06755" - , "cgi" => 1 - } - , { "wrapper" => $s->path . "/hooks/post-update" - , "wrappergroup" => $s->group->name - , "wrappermode" => "06755" - , "notify" => 0 - } - ]; + if ( $s->config->core_sharedrepository =~ /^(0640|false|0)$/ ) { + warn( "warning: ikiwiki web-based editing interface relies on group writability.\n" ); + $config->{"wrappers"} = + [ { "wrapper" => $s->path . "/hooks/post-update" + , "wrappergroup" => $s->group->name + , "wrappermode" => "06755" + , "notify" => 0 + } + ]; + } else { + $config->{"cgiurl"} = $s->ikiwiki_cgiurl; + $config->{"wrappers"} = + [ { "wrapper" => $s->ikiwiki_cgipath + , "wrappergroup" => $s->group->name + , "wrappermode" => "06755" + , "cgi" => 1 + } + , { "wrapper" => $s->path . "/hooks/post-update" + , "wrappergroup" => $s->group->name + , "wrappermode" => "06755" + , "notify" => 0 + } + ]; + }; if ( -e "/etc/ikiwiki/piny/" . $s->name . ".setup.pl" ) { system( "perl", "-C", "/etc/ikiwiki/piny/" . $s->name . ".setup.pl" ) && die ( 'Failed to compile ikiwiki overrides file!' ); @@ -734,21 +745,21 @@ sub _build_apache_global_config { if ( $s->config->core_sharedrepository eq "0666" ) { return ( - "secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n" . " AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Valid Piny user needed.\"\n" . " Require valid-user\n" . " \n" + "secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled off\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Valid Piny user needed.\"\n" . " Require valid-user\n" . " \n" ); } elsif ( $s->config->core_sharedrepository =~ /^(0664|all|everybody|world)$/ ) { return ( - "secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" + "secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" ); } elsif ( $s->config->core_sharedrepository =~ /^(0660|true|1|group)$/ ) { return ( - "secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" . - "ikiwiki_destdir . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" + "secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" . + "ikiwiki_destdir . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" ); } elsif ( $s->config->core_sharedrepository =~ /^(0640|false|0)$/ ) { return ( - "secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n" . " AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Owner of " . $s->name . " repository needed.\"\n Require user " . $s->owner->name . "\n\n" . - "ikiwiki_destdir . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" + "secure_path . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled off\n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"Owner of " . $s->name . " repository needed.\"\n Require user " . $s->owner->name . "\n\n" . + "ikiwiki_destdir . ">\n SSLRequireSSL\n AuthPAM_Enabled on\n AuthGROUP_Enabled on \n AuthPAM_FallThrough off\n AuthBasicAuthoritative off\n AuthType Basic\n AuthName \"User with access to " . $s->name . " repository needed.\"\n Require group " . $s->group->name . "\n\n" ); } else { die ( $s->config->core_sharedrepository . "is an unhandled value!" ); -- cgit v1.2.3